Tag Archives: InfoSec

Protect Your Macintosh with AVG

The “Macs don’t get viruses” nonsense was never really true; it was only “common knowledge” because there was no practical reason to write viruses for Macs–the “security through obscurity” maxim protected the ecosystem since the mid-1980s. Since the rise of Apple’s market share in the 21st century, there has been an increase in the threat of malware and other nasty bits of code infecting so-called “immune” Macintosh computers. Once upon a time, antivirus for Mac was considered a joke and a ripoff. Today, it is an understated necessity.

Enter AVG. Long one of the bastions of security in the PC sphere, AVG has now made its flagship antivirus utility available for Mac. It’s a lightweight application that offers the level of protection one would expect from AVG on a PC, and it even scans for known PC and Android threats to prevent you from unwittingly spreading an infection to other devices!

In addition to its antivirus, AVG also offers a useful cleaner app that scans your Mac for detritus that can bog down the system and cost you performance or valuable hard drive space. Many applications leave behind small breadcrumbs–configuration files or other nonessential bits of code–in the OS X Library or System folders, usually as hidden files or folders that even most advanced users wouldn’t necessarily know to look for after uninstalling. The AVG Cleaner app scours your hard drive for this kind of refuse and eliminates it. I ran it once and regained an easy 3.5GB of space!

It’s a brave new world out there, and we’re better off being prepared than we are posturing with austerity. You don’t have to use AVG, but for the price, it can’t be beat!


What Apple’s FBI Standoff Says About Google’s Android Security

Everyone fails to recognize that the decentralised nature of Android–while being a “mainstream flaw”–is one of its greatest strengths. Yes, Google wants to have more control over its operating system, but that goes against the very nature of what they intended when they began developing it. The point of the matter, though, is that very little would change if that asshole had used Android instead (considering the likely application of Paranoid Android in such a case). Actually, the whole matter would likely be less of an issue politically because there is not one entity to subpoena. The FBI could subpoena Google to do something, but Google could (in good faith) say that there is nothing they can do if an alternative OS were installed. The takeaway here should not be how much more secure iPhones are (they aren’t necessarily), but that compulsory cracking like this is dangerous to freedom at large.

“There is nothing new in the realization that the Constitution sometimes insulates the criminality of a few in order to protect the privacy of us all.”

Justice Antonin Scalia

Source: What Apple’s FBI Standoff Says About Google’s Android Security | Re/code


Customer Letter – Apple

Tim Cook and Apple are telling the US Government to get bent, and for good reason: encryption is vital to our individual security and to undermine that is to undermine our entire society. If the “good guys” can have a backdoor into your house, it’s only a matter of time before the bad guys copy the keys.

If your first reaction is to shrug and say, “I have nothing to hide,” I hate to break it to you, but you’re not clever enough to understand the implications, so go sit down at the kids’ table and let the grown-ups argue.

As a side note (full journalistic disclosure): If you read this website, you already know my opinions on Apple are complicated, but I do use a 2010 MacBook Pro daily, and I encourage most “casual users” to consider adopting OS X machines as their daily drivers. Despite this, I do loathe iOS since the move to “flat design”, and I vehemently refuse to “upgrade” OS X past Mavericks for design reasons as well as “integration features” that annoy me.

A Message to Our Customers

Source: Customer Letter – Apple


Stranger hacks family’s baby monitor and talks to child at night

I keep a Foscam IP camera like the one in this story around just to tinker with. They are anything BUT secure, though!

A 3-year-old boy living in Washington received quite the scare when he started hearing a voice talk to him at night. After telling his parents, Mom was shocked at what she found.

Source: Stranger hacks family’s baby monitor and talks to child at night  | SF Globe


How to create app-specific passwords in Google

Sometimes you’re going to run across an application that uses the Google API, but for whatever reason does not support 2-factor authentication. Google has wisely built an infrastructure for such incidents. In your security settings, you can create “burner” passwords that can be used for specific applications. You typically don’t need to remember or write down these passwords because they are persistent on the device accessing Google, only accessible to one application, and can easily be exchanged for a new code if ever compromised. To get one of these passwords, head over to http://myaccount.google.com/security

If you’ve never used this section of Google before, it would be beneficial to take a couple of minutes to familiarize yourself with the options available before proceeding. When you’re ready, scroll down to “Signing in to Google” under the “Sign-in & security” section.

Screen Shot 2016-01-17 at 3.38.08 PM

In the screenshot above, you can see the “App passwords” heading on the bottom-right. Click this section and you will likely be prompted to enter your Google password again before accessing the app passwords section.

The following page will present you with a list of applications using specific passwords. To create a new password, just select the appropriate options from the drop-down menus and click “Generate”. You’ll be presented with a 16-character password that you can use to log in persistently with a particular application (such as Outlook or Apple Mail). If the password is ever compromised, you can simply click the “Revoke” button and the password is burned forever.


It’s Time to Enable Two-Step Authentication on Everything. Here’s How.

If you don’t already have two-step authentication enabled on all your accounts, you really need to turn it on for anything sensitive. Here’s how.

Source: It’s Time to Enable Two-Step Authentication on Everything. Here’s How.

Five strategies for reclaiming our personal privacy online

Our privacy is being exploited commercially by the oligopoly of Silicon Valley. With so little control over our online lives, how can we reclaim the balance?

Source: Five strategies for reclaiming our personal privacy online | Technology | The Guardian

Watch What You Say: The Cloud Might Be Listening

Welcome to the latest, weirdest phase of our relationship with technology: machines that eavesdrop on us.

Source: Watch What You Say: The Cloud Might Be Listening | WIRED


Your Unhashable Fingerprints Secure Nothing

Remember: Your fingerprints are public record. Your fingerprints are NOT secret. Your fingerprints are easily duplicated. Do not use them to secure anything.

Source: Your Unhashable Fingerprints Secure Nothing | Hackaday


The $24 Billion Data Business That Telcos Don’t Want to Talk About

Charging you out of house and home on the front end, then selling out your data on the back end? When will we demand that these Goliaths behave better?

Under the radar, Verizon, Sprint, and other carriers have partnered with firms including SAP to manage and sell data.

Source: The $24 Billion Data Business That Telcos Don’t Want to Talk About
